Cyber security has traditionally taken a reactive approach. To defend against a threat, we needed to know what the threat was and how it manifests. However, the threat landscape can shift quickly. Advanced Persistent Threats stay under the radar for a long time, so we don’t learn about the threat and how to find it. Ransomware quickly moves from initial access to impact, so we can’t afford to take a reactive approach. This course teaches a proactive approach to cyber security by incorporating cyber threat intelligence and threat hunting. Students will use tools and techniques to derive technical intelligence about threat actors. They will identify strategies for collection to inform operational and strategic requirements. In addition, they will develop hunting hypotheses using threat intelligence as cues, convert those hypotheses to analytics, and validate the hypotheses to determine whether a threat actor has successfully breached the network. This is a technical course where students will apply these concepts in hands-on environments. Students should be familiar with attacker methodologies, intrusion detection concepts, and network traffic analysis.